Trojaner-Board - Dateien nur noch als Verknüpfung auf externer FP

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Dateien nur noch als Verknüpfung auf externer FP (https://www.trojaner-board.de/107175-dateien-nur-noch-verknuepfung-externer-fp.html)

Dateien nur noch als Verknüpfung auf externer FP

Hallo Community.

Ich habe mich ein wenig belesen, was die Probleme betrifft und musste feststellen, dass viele das gleiche o.g. Problem haben wie ich.

Cosinus, du hast hier ne nette Anleitung vor geraumer Zeit gepostet, was den "Eset-onlne-scanner" betrifft.
Ich habe mich der Sache mal angenommen und die Log-File erstellen lassen, die wie folgt aussieht:
(bedanke mich schonmal im vorraus für die Hilfe)

Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6aba6c256269cb4e822ab4b56cccff39
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-29 12:43:36
# local_time=2011-12-29 01:43:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 23747 23747 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 23669 162632749 0 0
# compatibility_mode=8192 67108863 100 0 3776 3776 0 0
# scanned=211215
# found=15
# cleaned=0
# scan_time=19394
C:\Program Files\PDFCreator\Toolbar\is-6TBMF.tmp Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
F:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\Bewerbungen.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\Bilder.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\Filme.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\HD-Filme.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\Musik-Alben.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\Musik.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\Soundtrack-Alben.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\System Volume Information.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\Videos.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\$RECYCLE.BIN\S-1-5-21-1235014147-1984952320-3779526693-1000\$RGDOKL9.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RG0XZJB\Filme.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RG0XZJB\HD-Filme.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RG0XZJB\Videos.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Hi cosinus,
hier mal die ergebnisse von malewarebytes:

zitat:
"Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.30.02

Windows Vista Service Pack 2 x86 FAT32
Internet Explorer 8.0.6001.19170
Dennis :: DENNIS-PC [Administrator]

30.12.2011 16:40:51
mbam-log-2011-12-30 (16-40-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 385919
Laufzeit: 2 Stunde(n), 12 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)"

was sagt mir das jetzt? nichts gefunden mit diesem prog...was nun?
lg

habe hier noch 3 ältere gefunden....
(im anhang)

lg

Lass dir zuerst mal alle Dateien anzeigen => http://www.trojaner-board.de/59624-a...-sichtbar.html
Danach sollte auch alle Ordner wieder angezeigt werden - halbtransparent, da sie noch die Atrribute "versteckt" und "system" tragen

Starte anschließend die Eingabeaufforderung über Start, Alle Programme, Zubehör

Musst in der Eingabeauforderung jeweils für jeden versteckten Ordner diesen Befehl ausführen:

Code:

attrib -s -h "x:\ordner" /s /d

x: => Muss angepasst werden, den passenden Buchstaben verwenden
"ordner" muss dann der jew. richtige Ordnername sein

Vgl. diesen Strang => http://www.trojaner-board.de/102950-...traeger-2.html

Mach danach ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

ich hoffe, ich habe deine "code-anleitung" richtig interpretiert....
was ist denn mit dem "extra.txt"? brauchst du den text auch?

greetz

OTL Logfile:

Code:

OTL logfile created on: 01.01.2012 11:15:53 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Dennis\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19170)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,85% Memory free

4,22 Gb Paging File | 2,75 Gb Available in Paging File | 65,17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 122,59 Gb Total Space | 32,50 Gb Free Space | 26,51% Space Free | Partition Type: NTFS

Drive D: | 26,45 Gb Total Space | 22,72 Gb Free Space | 85,93% Space Free | Partition Type: FAT32

Drive E: | 58,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive F: | 931,51 Gb Total Space | 534,84 Gb Free Space | 57,42% Space Free | Partition Type: NTFS

 

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.01.01 11:11:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe

PRC - [2011.12.28 20:03:21 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2011.12.28 18:47:14 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2011.12.28 18:47:14 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe

PRC - [2011.12.28 18:47:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.12.28 18:47:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2010.08.02 16:14:02 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.01.14 22:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.11.13 10:35:10 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

PRC - [2009.11.13 10:32:20 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

PRC - [2009.04.11 07:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2008.10.30 09:49:50 | 000,385,024 | R--- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\AstSrv.exe

PRC - [2008.02.18 06:37:48 | 000,032,768 | ---- | M] (Autodesk) -- C:\Programme\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe

PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2008.01.19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe

PRC - [2007.09.04 11:45:24 | 002,560,000 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe

PRC - [2007.09.04 11:41:00 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe

PRC - [2007.09.03 17:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007.08.31 10:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe

PRC - [2007.08.16 09:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe

PRC - [2007.07.12 15:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007.07.12 15:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2007.04.13 17:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe

PRC - [2007.04.13 17:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe

PRC - [2007.02.07 17:23:22 | 001,581,056 | ---- | M] () -- D:\MDESIGN\MDESIGN\TEDATA.exe

PRC - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2006.06.30 12:38:34 | 001,339,392 | ---- | M] (Macrovision Corporation) -- D:\MDESIGN\MDESIGN\lmgrd.exe

PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.12.28 20:03:21 | 000,849,368 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll

MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2007.09.04 11:45:54 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll

MOD - [2007.09.04 11:45:24 | 002,560,000 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe

MOD - [2007.09.04 11:37:26 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll

MOD - [2007.09.04 11:37:14 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll

MOD - [2007.09.04 11:37:02 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll

MOD - [2007.09.04 11:37:00 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll

MOD - [2007.09.04 11:36:54 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll

MOD - [2007.09.04 11:36:48 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll

MOD - [2007.09.04 11:36:44 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (sdCoreService)

SRV - File not found [On_Demand | Stopped] --  -- (sdAuxService)

SRV - File not found [Disabled | Stopped] --  -- (NMIndexingService)

SRV - [2011.12.28 18:47:14 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2011.12.28 18:47:14 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2011.12.28 18:47:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.12.28 18:47:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.04.21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010.04.21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2009.12.04 21:41:39 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2009.11.13 10:32:20 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2009.11.13 10:27:56 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2009.11.07 18:40:19 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2009.10.02 11:45:18 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009.04.11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2008.10.30 09:49:50 | 000,385,024 | R--- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\AstSrv.exe -- (astcc)

SRV - [2008.02.18 06:37:48 | 000,032,768 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)

SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2008.01.19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)

SRV - [2007.09.04 11:39:54 | 000,040,960 | ---- | M] (Softex Inc.) [On_Demand | Stopped] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)

SRV - [2007.08.16 09:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)

SRV - [2007.07.12 15:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2007.04.13 17:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)

SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006.06.30 12:38:34 | 001,339,392 | ---- | M] (Macrovision Corporation) [Auto | Running] -- D:\MDESIGN\MDESIGN\lmgrd.exe -- (MDESIGN License Manager)

SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.12.28 18:47:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.12.28 18:47:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.06.17 15:30:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)

DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2008.02.01 10:55:52 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec)

DRV - [2007.12.10 12:53:28 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec)

DRV - [2007.12.10 12:53:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt)

DRV - [2007.08.30 19:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)

DRV - [2007.08.28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)

DRV - [2007.08.08 07:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)

DRV - [2007.07.31 10:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)

DRV - [2007.06.01 09:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)

DRV - [2007.05.25 08:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)

DRV - [2007.05.25 08:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)

DRV - [2007.04.30 12:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007.02.12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)

DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)

DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: D:\TOOLS\VLC\npvlc.dll (the VideoLAN Team)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.28 20:03:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.28 20:03:23 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

 

[2009.06.24 17:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions

[2012.01.01 10:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\m12ssry7.default\extensions

[2010.07.11 10:28:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\m12ssry7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.12.29 17:09:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\m12ssry7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.12.28 15:13:01 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-1.xml

[2011.09.28 20:08:05 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-10.xml

[2011.11.15 15:41:42 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-11.xml

[2011.12.28 20:03:33 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-12.xml

[2009.08.05 20:08:50 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-2.xml

[2009.09.13 14:52:47 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-3.xml

[2009.10.30 20:12:09 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-4.xml

[2011.05.02 18:36:00 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-5.xml

[2011.06.25 16:11:36 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-6.xml

[2011.08.17 15:09:53 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-7.xml

[2011.09.01 16:57:18 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-8.xml

[2011.09.09 11:00:27 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-9.xml

[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin.xml

[2010.06.21 09:50:56 | 000,003,915 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\sweetim.xml

[2011.11.23 18:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.11.23 18:29:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011.11.23 18:29:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011.11.23 18:29:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.11.15 15:41:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.11.15 15:41:18 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.11.15 15:41:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.11.15 15:41:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.15 15:41:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1225031161 (Image Uploader Control)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1218381716 (Image Uploader Control)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game13.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.31.65.69

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1BD1AFE-2142-4FF3-B8B0-AE088816908A}: DhcpNameServer = 94.31.65.69

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2011.09.08 09:06:11 | 000,000,000 | -H-D | M] - E:\AutoRunSource -- [ CDFS ]

O32 - AutoRun File - [2011.09.08 09:33:19 | 002,520,576 | R--- | M] (Longtion Software Inc.                                                                              ) - E:\autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2011.04.14 09:47:44 | 000,095,701 | RH-- | M] () - E:\autorun.ico -- [ CDFS ]

O32 - AutoRun File - [2011.09.07 15:32:56 | 000,000,063 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2011.03.01 11:16:59 | 000,211,164 | RH-- | M] () - E:\autorun.tgt -- [ CDFS ]

O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun

O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun

O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell - "" = AutoRun

O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell\AutoRun\command - "" = H:\setup.exe -a

O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun

O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun

O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun

O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun

O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpReg: Google Desktop Search - hkey= - key= -  File not found

MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found

MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe ()

MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Programme\GoogleEULA\EULALauncher.exe ( )

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sdauxservice -  File not found

SafeBootMin: sdcoreservice -  File not found

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger -  File not found

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sdauxservice -  File not found

SafeBootNet: sdcoreservice -  File not found

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {3C4CA55D-C315-C489-36DE-31DB5817CCA9} - Microsoft Windows Media Player 11.0

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5E7C766A-B2D5-42F9-338E-8F172E80EF38} - 

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {734825D4-5ACB-3DA4-FA6A-600DD12F778A} - Adobe Shockwave Director 10.2

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)

Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)

Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)

Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.01 11:11:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe

[2011.12.30 16:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.12.30 16:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.12.30 16:39:06 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.12.28 20:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011.12.28 14:55:58 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Avira

[2011.12.28 14:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011.12.28 14:44:44 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2011.12.28 14:44:42 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011.12.28 14:44:42 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011.12.28 14:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.01 11:11:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe

[2012.01.01 10:51:26 | 000,000,004 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Default.PLS

[2012.01.01 10:50:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.01.01 10:42:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.01 10:42:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.01 10:26:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.01.01 10:24:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2012.01.01 10:24:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.01 10:24:33 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys

[2011.12.30 16:40:00 | 000,787,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.12.30 16:40:00 | 000,727,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.12.30 16:40:00 | 000,189,508 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.12.30 16:40:00 | 000,153,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.12.30 16:39:10 | 000,000,481 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011.12.30 16:15:34 | 000,125,440 | ---- | M] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.12.28 18:47:15 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011.12.28 18:47:15 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011.12.28 14:45:05 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011.12.28 14:29:06 | 000,563,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.12.28 14:06:21 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job

[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

 
 ========== Files Created - No Company Name ==========

 

[2011.12.30 16:39:10 | 000,000,481 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011.12.28 14:45:05 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011.09.10 07:18:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2011.09.07 13:57:49 | 000,239,076 | ---- | C] () -- C:\Windows\hpwins26.dat

[2011.09.07 13:53:49 | 000,000,941 | ---- | C] () -- C:\Windows\uninst.ini

[2011.04.23 06:58:27 | 000,000,000 | ---- | C] () -- C:\Windows\wiso.ini

[2010.03.08 18:41:21 | 000,105,199 | ---- | C] () -- C:\Windows\Restart.EXE

[2009.09.25 19:41:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.09.25 19:41:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.08.18 07:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat

[2008.11.05 18:08:13 | 000,003,976 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\wklnhst.dat

[2008.08.30 02:01:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.08.20 14:39:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008.07.19 04:32:16 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL

[2008.06.19 15:45:49 | 000,000,680 | ---- | C] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat

[2008.05.12 03:42:50 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2008.05.12 03:42:50 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2008.05.12 03:37:59 | 000,125,440 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.04.29 14:07:52 | 000,000,004 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Default.PLS

[2008.01.23 14:51:32 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html

[2008.01.23 13:48:14 | 000,000,094 | ---- | C] () -- C:\Users\Dennis\AppData\Local\fusioncache.dat

[2008.01.02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008.01.02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008.01.02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008.01.02 16:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2007.09.19 06:56:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2007.09.18 19:01:37 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll

[2007.09.18 19:01:37 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll

[2007.09.18 08:38:30 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe

[2007.09.18 08:33:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini

[2007.09.18 08:16:24 | 000,000,216 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat

[2007.09.12 08:36:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007.09.12 08:35:40 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007.09.12 08:35:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll

[2007.09.12 08:35:31 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll

[2006.12.11 05:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2006.11.02 16:33:31 | 000,787,020 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2006.11.02 16:33:31 | 000,189,508 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:47:37 | 000,563,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 11:33:01 | 000,727,290 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 11:33:01 | 000,153,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.09.20 06:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini

[2000.04.18 03:02:00 | 000,000,110 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT

 
 ========== LOP Check ==========

 

[2011.08.04 18:41:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Autodesk

[2009.10.02 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Azureus

[2010.03.01 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Buhl Data Service

[2008.01.23 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BullGuard

[2010.11.24 10:05:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Dennis

[2011.08.29 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ

[2008.02.10 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ Toolbar

[2011.08.04 16:27:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Image Zone Express

[2008.05.10 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\MAGIX

[2010.12.07 20:26:27 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Neuer Ordner

[2010.09.13 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org

[2011.09.10 07:19:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\pdfforge

[2009.01.21 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Printer Info Cache

[2008.04.28 01:39:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Sonavis

[2008.11.05 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Template

[2009.12.04 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software

[2008.04.28 01:48:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TVcentral-Core

[2011.08.22 08:53:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent

[2009.01.20 06:38:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\VMedia

[2011.12.31 19:12:31 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010.12.16 18:46:59 | 000,000,400 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2CA5B97C-2E80-401D-B6D3-12ED15CD9318}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2008.02.23 09:00:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe

[2010.09.15 16:01:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Ahead

[2008.11.19 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Apple Computer

[2011.08.04 18:41:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Autodesk

[2011.12.28 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Avira

[2008.05.12 03:45:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AVS4YOU

[2009.10.02 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Azureus

[2010.03.01 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Buhl Data Service

[2008.01.23 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BullGuard

[2008.04.29 14:07:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\CyberLink

[2010.11.24 10:05:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Dennis

[2009.04.20 17:50:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DivX

[2011.06.17 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\dvdcss

[2008.01.23 14:07:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Google

[2011.08.30 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\HP

[2011.08.29 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ

[2008.02.10 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ Toolbar

[2008.01.23 13:47:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities

[2011.08.04 16:27:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Image Zone Express

[2008.02.10 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\InstallShield

[2008.01.23 14:10:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia

[2008.05.10 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\MAGIX

[2011.07.31 09:33:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes

[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs

[2011.10.07 11:32:22 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft

[2009.02.23 19:49:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Move Networks

[2009.06.24 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla

[2010.12.07 20:26:27 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Neuer Ordner

[2010.09.13 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org

[2008.05.07 01:26:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PC Tools

[2011.09.10 07:19:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\pdfforge

[2009.01.21 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Printer Info Cache

[2008.11.27 07:07:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\skypePM

[2008.04.28 01:39:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Sonavis

[2008.11.05 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Template

[2009.12.04 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software

[2008.04.28 01:48:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TVcentral-Core

[2010.09.13 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\U3

[2011.08.22 08:53:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent

[2011.11.20 19:44:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc

[2009.01.20 06:38:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\VMedia

[2008.07.02 18:58:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR

[2008.07.12 12:13:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Yahoo!

 
 < %APPDATA%\*.exe /s >

[2009.03.02 18:34:22 | 010,684,866 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Azureus\plugins\azump\mplayer.exe

[2011.09.30 19:02:24 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Dennis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

[2009.11.07 18:24:42 | 000,010,134 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

[2009.02.06 00:56:14 | 000,097,144 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe

[2009.02.23 19:49:09 | 000,034,063 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Move Networks\ie_bin\Uninst.exe

[2009.01.14 11:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Del_CD_ROM.exe

[2009.03.03 12:44:48 | 000,030,160 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\InstallWTGService.exe

[2009.03.03 12:44:55 | 000,251,344 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\OSU.exe

[2009.03.03 12:45:08 | 000,693,712 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Setup.exe

[2009.03.03 12:45:05 | 001,091,024 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Uninstaller.exe

[2009.03.03 12:44:52 | 007,009,744 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent.exe

[2009.03.04 08:34:41 | 000,468,432 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe

[2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\WTGService.exe

[2009.03.03 12:45:15 | 000,243,152 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\WTGVistaUtil.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2007.04.17 09:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys

[2007.04.17 09:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys

[2008.02.14 05:32:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2008.02.14 05:32:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2008.02.14 05:32:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys

[2008.02.14 05:32:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys

[2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys

[2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys

[2007.07.12 15:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2007.09.18 11:09:52 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll

[2007.09.18 11:09:52 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys

[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

[2008.01.19 08:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.de/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="

[2011.12.28 15:13:01 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-1.xml

[2011.09.28 20:08:05 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-10.xml

[2011.11.15 15:41:42 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-11.xml

[2011.12.28 20:03:33 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-12.xml

[2009.08.05 20:08:50 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-2.xml

[2009.09.13 14:52:47 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-3.xml

[2009.10.30 20:12:09 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-4.xml

[2011.05.02 18:36:00 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-5.xml

[2011.06.25 16:11:36 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-6.xml

[2011.08.17 15:09:53 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-7.xml

[2011.09.01 16:57:18 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-8.xml

[2011.09.09 11:00:27 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-9.xml

[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin.xml

[2010.06.21 09:50:56 | 000,003,915 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\sweetim.xml

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2011.09.08 09:06:11 | 000,000,000 | -H-D | M] - E:\AutoRunSource -- [ CDFS ]

O32 - AutoRun File - [2011.09.08 09:33:19 | 002,520,576 | R--- | M] (Longtion Software Inc.                                                                              ) - E:\autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2011.04.14 09:47:44 | 000,095,701 | RH-- | M] () - E:\autorun.ico -- [ CDFS ]

O32 - AutoRun File - [2011.09.07 15:32:56 | 000,000,063 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2011.03.01 11:16:59 | 000,211,164 | RH-- | M] () - E:\autorun.tgt -- [ CDFS ]

O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun

O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun

O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell - "" = AutoRun

O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell\AutoRun\command - "" = H:\setup.exe -a

O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun

O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun

O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun

O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun

O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

[2008.02.10 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ Toolbar

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Files

F:\*.lnk

F:\$RECYCLE.BIN\S-1-5-21*

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

hi,
hier das log nach otl-fix:

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

Prefs.js: "ICQ Search" removed from browser.search.defaultenginename

Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from browser.search.defaulturl

Prefs.js: "Google" removed from browser.search.selectedEngine

Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage

Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2 removed from extensions.enabledItems

Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems

Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL

Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from sweetim.toolbar.previous.keyword.URL

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-1.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-10.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-11.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-12.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-2.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-3.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-4.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-5.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-6.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-7.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-8.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-9.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin.xml moved successfully.

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\sweetim.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.

C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.

C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

File  not found.

File move failed. E:\autorun.exe scheduled to be moved on reboot.

File move failed. E:\autorun.ico scheduled to be moved on reboot.

File move failed. E:\autorun.inf scheduled to be moved on reboot.

File move failed. E:\autorun.tgt scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\ not found.

File H:\setup.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff165-ab6c-11df-b865-0016d3c0e817}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff165-ab6c-11df-b865-0016d3c0e817}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff167-ab6c-11df-b865-0016d3c0e817}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff167-ab6c-11df-b865-0016d3c0e817}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.

File F:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.

File H:\LaunchU3.exe -a not found.

C:\Users\Dennis\AppData\Roaming\ICQ Toolbar folder moved successfully.

ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

========== FILES ==========

F:\$RECYCLE.BIN.lnk moved successfully.

F:\Bewerbungen.lnk moved successfully.

F:\Bilder.lnk moved successfully.

F:\Filme.lnk moved successfully.

F:\HD-Filme.lnk moved successfully.

F:\Musik-Alben.lnk moved successfully.

F:\Musik.lnk moved successfully.

F:\Soundtrack-Alben.lnk moved successfully.

F:\System Volume Information.lnk moved successfully.

F:\Videos.lnk moved successfully.

F:\$RECYCLE.BIN\S-1-5-21-1235014147-1984952320-3779526693-1000 folder moved successfully.

F:\$RECYCLE.BIN\S-1-5-21-2617947982-1946965418-1152030714-1000 folder moved successfully.

F:\$RECYCLE.BIN\S-1-5-21-3005907653-400381532-2282554573-1000 folder moved successfully.

F:\$RECYCLE.BIN\S-1-5-21-456481388-4042309489-1917448107-1003\$RW6BGAU folder moved successfully.

F:\$RECYCLE.BIN\S-1-5-21-456481388-4042309489-1917448107-1003\$RLCBIEE.XviD-EMPiRE\Sample folder moved successfully.

F:\$RECYCLE.BIN\S-1-5-21-456481388-4042309489-1917448107-1003\$RLCBIEE.XviD-EMPiRE folder moved successfully.

F:\$RECYCLE.BIN\S-1-5-21-456481388-4042309489-1917448107-1003 folder moved successfully.

F:\$RECYCLE.BIN\S-1-5-21-524960744-1537308869-899931187-1000 folder moved successfully.

F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RJR72HJ folder moved successfully.

F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RG0XZJB folder moved successfully.

F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$R4383VG folder moved successfully.

F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380 folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Dennis

->Temp folder emptied: 134965747 bytes

->Temporary Internet Files folder emptied: 264576074 bytes

->Java cache emptied: 21975953 bytes

->FireFox cache emptied: 122684728 bytes

->Flash cache emptied: 13548041 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 106498628 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 634,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01022012_122757
 

Files\Folders moved on Reboot...

File move failed. E:\autorun.exe scheduled to be moved on reboot.

File move failed. E:\autorun.ico scheduled to be moved on reboot.

File move failed. E:\autorun.inf scheduled to be moved on reboot.

File move failed. E:\autorun.tgt scheduled to be moved on reboot.

File\Folder C:\Windows\temp\JETBB04.tmp not found!

C:\Windows\temp\JETF314.tmp moved successfully.
 

Registry entries deleted on Reboot...

greetz

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

ich bin verwirrt. warum zeigt er mir nix an? habe ich in den schritten davor irgendetwas falsch gemacht? oder ist die fp nun clean?
greetz

Code:

17:30:45.0967 1508        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

17:30:46.0164 1508        ============================================================

17:30:46.0164 1508        Current date / time: 2012/01/02 17:30:46.0164

17:30:46.0164 1508        SystemInfo:

17:30:46.0164 1508        

17:30:46.0164 1508        OS Version: 6.0.6002 ServicePack: 2.0

17:30:46.0164 1508        Product type: Workstation

17:30:46.0165 1508        ComputerName: DENNIS-PC

17:30:46.0165 1508        UserName: Dennis

17:30:46.0165 1508        Windows directory: C:\Windows

17:30:46.0165 1508        System windows directory: C:\Windows

17:30:46.0165 1508        Processor architecture: Intel x86

17:30:46.0165 1508        Number of processors: 2

17:30:46.0165 1508        Page size: 0x1000

17:30:46.0165 1508        Boot type: Normal boot

17:30:46.0165 1508        ============================================================

17:30:47.0865 1508        Initialize success

17:33:58.0757 5836        ============================================================

17:33:58.0757 5836        Scan started

17:33:58.0758 5836        Mode: Manual; SigCheck; TDLFS; 

17:33:58.0758 5836        ============================================================

17:34:00.0856 5836        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

17:34:01.0045 5836        ACPI - ok

17:34:01.0221 5836        adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

17:34:01.0290 5836        adp94xx - ok

17:34:01.0376 5836        adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

17:34:01.0417 5836        adpahci - ok

17:34:01.0466 5836        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

17:34:01.0496 5836        adpu160m - ok

17:34:01.0520 5836        adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

17:34:01.0554 5836        adpu320 - ok

17:34:01.0659 5836        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

17:34:01.0766 5836        AFD - ok

17:34:01.0868 5836        AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

17:34:02.0063 5836        AgereSoftModem - ok

17:34:02.0115 5836        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

17:34:02.0143 5836        aic78xx - ok

17:34:02.0189 5836        aliide          (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys

17:34:02.0216 5836        aliide - ok

17:34:02.0248 5836        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

17:34:02.0277 5836        amdagp - ok

17:34:02.0293 5836        amdide          (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys

17:34:02.0320 5836        amdide - ok

17:34:02.0353 5836        AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

17:34:02.0457 5836        AmdK7 - ok

17:34:02.0484 5836        AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

17:34:02.0595 5836        AmdK8 - ok

17:34:02.0717 5836        arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

17:34:02.0745 5836        arc - ok

17:34:02.0782 5836        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

17:34:02.0812 5836        arcsas - ok

17:34:02.0915 5836        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

17:34:03.0001 5836        AsyncMac - ok

17:34:03.0050 5836        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

17:34:03.0079 5836        atapi - ok

17:34:03.0165 5836        ATSWPDRV        (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys

17:34:03.0242 5836        ATSWPDRV - ok

17:34:03.0334 5836        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys

17:34:03.0374 5836        avgntflt - ok

17:34:03.0398 5836        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys

17:34:03.0429 5836        avipbb - ok

17:34:03.0500 5836        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

17:34:03.0605 5836        Beep - ok

17:34:03.0639 5836        blbdrive - ok

17:34:03.0698 5836        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

17:34:03.0765 5836        bowser - ok

17:34:03.0856 5836        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

17:34:03.0917 5836        BrFiltLo - ok

17:34:03.0958 5836        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

17:34:04.0028 5836        BrFiltUp - ok

17:34:04.0082 5836        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

17:34:04.0192 5836        Brserid - ok

17:34:04.0225 5836        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

17:34:04.0357 5836        BrSerWdm - ok

17:34:04.0396 5836        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

17:34:04.0500 5836        BrUsbMdm - ok

17:34:04.0539 5836        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

17:34:04.0627 5836        BrUsbSer - ok

17:34:04.0671 5836        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

17:34:04.0777 5836        BTHMODEM - ok

17:34:04.0878 5836        Cam5607         (48f64a84054771b2fef55606adf57557) C:\Windows\system32\Drivers\BisonC07.sys

17:34:05.0008 5836        Cam5607 - ok

17:34:05.0104 5836        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

17:34:05.0202 5836        cdfs - ok

17:34:05.0260 5836        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

17:34:05.0336 5836        cdrom - ok

17:34:05.0391 5836        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

17:34:05.0498 5836        circlass - ok

17:34:05.0549 5836        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

17:34:05.0595 5836        CLFS - ok

17:34:05.0685 5836        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

17:34:05.0765 5836        CmBatt - ok

17:34:05.0819 5836        cmdide          (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys

17:34:05.0847 5836        cmdide - ok

17:34:05.0908 5836        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

17:34:05.0935 5836        Compbatt - ok

17:34:05.0966 5836        crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

17:34:05.0993 5836        crcdisk - ok

17:34:06.0024 5836        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

17:34:06.0133 5836        Crusoe - ok

17:34:06.0232 5836        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

17:34:06.0285 5836        DfsC - ok

17:34:06.0373 5836        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

17:34:06.0406 5836        disk - ok

17:34:06.0487 5836        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

17:34:06.0569 5836        Dot4 - ok

17:34:06.0602 5836        Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

17:34:06.0673 5836        Dot4Print - ok

17:34:06.0707 5836        dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

17:34:06.0788 5836        dot4usb - ok

17:34:06.0866 5836        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

17:34:06.0916 5836        drmkaud - ok

17:34:06.0970 5836        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

17:34:07.0028 5836        DXGKrnl - ok

17:34:07.0073 5836        E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

17:34:07.0194 5836        E1G60 - ok

17:34:07.0258 5836        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

17:34:07.0300 5836        Ecache - ok

17:34:07.0367 5836        elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

17:34:07.0408 5836        elxstor - ok

17:34:07.0482 5836        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

17:34:07.0545 5836        exfat - ok

17:34:07.0577 5836        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

17:34:07.0642 5836        fastfat - ok

17:34:07.0669 5836        fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

17:34:07.0779 5836        fdc - ok

17:34:07.0836 5836        FETNDIS         (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys

17:34:07.0940 5836        FETNDIS - ok

17:34:08.0014 5836        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

17:34:08.0044 5836        FileInfo - ok

17:34:08.0101 5836        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

17:34:08.0164 5836        Filetrace - ok

17:34:08.0207 5836        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

17:34:08.0313 5836        flpydisk - ok

17:34:08.0372 5836        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

17:34:08.0413 5836        FltMgr - ok

17:34:08.0506 5836        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

17:34:08.0567 5836        Fs_Rec - ok

17:34:08.0605 5836        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

17:34:08.0635 5836        gagp30kx - ok

17:34:08.0756 5836        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

17:34:08.0941 5836        HdAudAddService - ok

17:34:09.0002 5836        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

17:34:09.0127 5836        HDAudBus - ok

17:34:09.0157 5836        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

17:34:09.0277 5836        HidBth - ok

17:34:09.0309 5836        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

17:34:09.0419 5836        HidIr - ok

17:34:09.0479 5836        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

17:34:09.0522 5836        HidUsb - ok

17:34:09.0559 5836        HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

17:34:09.0587 5836        HpCISSs - ok

17:34:09.0646 5836        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

17:34:09.0798 5836        HTTP - ok

17:34:09.0864 5836        hwdatacard - ok

17:34:09.0898 5836        i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

17:34:09.0923 5836        i2omp - ok

17:34:10.0000 5836        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

17:34:10.0067 5836        i8042prt - ok

17:34:10.0132 5836        iaStor          (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys

17:34:10.0156 5836        iaStor - ok

17:34:10.0191 5836        iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

17:34:10.0229 5836        iaStorV - ok

17:34:10.0333 5836        igfx            (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys

17:34:10.0610 5836        igfx - ok

17:34:10.0658 5836        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

17:34:10.0685 5836        iirsp - ok

17:34:10.0742 5836        IKFileSec       (3d8a88bd1e6a640807691198a8342e8c) C:\Windows\system32\drivers\ikfilesec.sys

17:34:10.0766 5836        IKFileSec - ok

17:34:10.0797 5836        IKSysFlt        (7583e2211097d273fca4e3fce04f639f) C:\Windows\system32\drivers\iksysflt.sys

17:34:10.0823 5836        IKSysFlt - ok

17:34:10.0855 5836        IKSysSec        (2402f65f1eca5159c8f0f16066f4bded) C:\Windows\system32\drivers\iksyssec.sys

17:34:10.0880 5836        IKSysSec - ok

17:34:11.0016 5836        IntcAzAudAddService (0f16d98c3af2138fabfa20adde4e01fe) C:\Windows\system32\drivers\RTKVHDA.sys

17:34:11.0358 5836        IntcAzAudAddService - ok

17:34:11.0504 5836        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

17:34:11.0531 5836        intelide - ok

17:34:11.0713 5836        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

17:34:11.0777 5836        intelppm - ok

17:34:11.0862 5836        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:34:11.0933 5836        IpFilterDriver - ok

17:34:11.0952 5836        IpInIp - ok

17:34:12.0004 5836        IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

17:34:12.0112 5836        IPMIDRV - ok

17:34:12.0168 5836        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

17:34:12.0240 5836        IPNAT - ok

17:34:12.0281 5836        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

17:34:12.0361 5836        IRENUM - ok

17:34:12.0404 5836        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

17:34:12.0432 5836        isapnp - ok

17:34:12.0485 5836        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

17:34:12.0512 5836        iScsiPrt - ok

17:34:12.0536 5836        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

17:34:12.0562 5836        iteatapi - ok

17:34:12.0596 5836        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

17:34:12.0623 5836        iteraid - ok

17:34:12.0669 5836        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

17:34:12.0697 5836        kbdclass - ok

17:34:12.0737 5836        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

17:34:12.0792 5836        kbdhid - ok

17:34:12.0860 5836        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

17:34:12.0932 5836        KSecDD - ok

17:34:13.0032 5836        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

17:34:13.0134 5836        lltdio - ok

17:34:13.0197 5836        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

17:34:13.0225 5836        LSI_FC - ok

17:34:13.0252 5836        LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

17:34:13.0281 5836        LSI_SAS - ok

17:34:13.0303 5836        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

17:34:13.0332 5836        LSI_SCSI - ok

17:34:13.0391 5836        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

17:34:13.0469 5836        luafv - ok

17:34:13.0531 5836        megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

17:34:13.0557 5836        megasas - ok

17:34:13.0636 5836        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

17:34:13.0700 5836        Modem - ok

17:34:13.0758 5836        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

17:34:13.0821 5836        monitor - ok

17:34:13.0875 5836        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

17:34:13.0902 5836        mouclass - ok

17:34:13.0925 5836        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

17:34:13.0979 5836        mouhid - ok

17:34:14.0059 5836        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

17:34:14.0089 5836        MountMgr - ok

17:34:14.0150 5836        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

17:34:14.0182 5836        mpio - ok

17:34:14.0241 5836        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

17:34:14.0297 5836        mpsdrv - ok

17:34:14.0335 5836        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

17:34:14.0363 5836        Mraid35x - ok

17:34:14.0403 5836        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

17:34:14.0463 5836        MRxDAV - ok

17:34:14.0549 5836        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:34:14.0604 5836        mrxsmb - ok

17:34:14.0660 5836        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:34:14.0720 5836        mrxsmb10 - ok

17:34:14.0749 5836        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:34:14.0801 5836        mrxsmb20 - ok

17:34:14.0848 5836        msahci          (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys

17:34:14.0875 5836        msahci - ok

17:34:14.0906 5836        msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

17:34:14.0937 5836        msdsm - ok

17:34:15.0024 5836        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

17:34:15.0093 5836        Msfs - ok

17:34:15.0173 5836        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

17:34:15.0199 5836        msisadrv - ok

17:34:15.0268 5836        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

17:34:15.0336 5836        MSKSSRV - ok

17:34:15.0384 5836        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

17:34:15.0436 5836        MSPCLOCK - ok

17:34:15.0489 5836        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

17:34:15.0559 5836        MSPQM - ok

17:34:15.0605 5836        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

17:34:15.0642 5836        MsRPC - ok

17:34:15.0674 5836        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

17:34:15.0694 5836        mssmbios - ok

17:34:15.0731 5836        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

17:34:15.0804 5836        MSTEE - ok

17:34:15.0821 5836        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

17:34:15.0853 5836        Mup - ok

17:34:15.0909 5836        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

17:34:15.0948 5836        NativeWifiP - ok

17:34:16.0027 5836        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

17:34:16.0108 5836        NDIS - ok

17:34:16.0165 5836        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

17:34:16.0217 5836        NdisTapi - ok

17:34:16.0274 5836        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

17:34:16.0345 5836        Ndisuio - ok

17:34:16.0386 5836        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

17:34:16.0460 5836        NdisWan - ok

17:34:16.0510 5836        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

17:34:16.0572 5836        NDProxy - ok

17:34:16.0653 5836        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

17:34:16.0729 5836        NetBIOS - ok

17:34:16.0778 5836        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

17:34:16.0851 5836        netbt - ok

17:34:16.0977 5836        NETw3v32        (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys

17:34:17.0232 5836        NETw3v32 - ok

17:34:17.0341 5836        NETw4v32        (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys

17:34:17.0581 5836        NETw4v32 - ok

17:34:17.0626 5836        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

17:34:17.0653 5836        nfrd960 - ok

17:34:17.0725 5836        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

17:34:17.0785 5836        Npfs - ok

17:34:17.0841 5836        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

17:34:17.0906 5836        nsiproxy - ok

17:34:17.0997 5836        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

17:34:18.0205 5836        Ntfs - ok

17:34:18.0264 5836        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

17:34:18.0377 5836        ntrigdigi - ok

17:34:18.0418 5836        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

17:34:18.0488 5836        Null - ok

17:34:18.0524 5836        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

17:34:18.0554 5836        nvraid - ok

17:34:18.0583 5836        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

17:34:18.0610 5836        nvstor - ok

17:34:18.0639 5836        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

17:34:18.0670 5836        nv_agp - ok

17:34:18.0685 5836        NwlnkFlt - ok

17:34:18.0705 5836        NwlnkFwd - ok

17:34:18.0767 5836        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys

17:34:18.0885 5836        ohci1394 - ok

17:34:19.0013 5836        Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys

17:34:19.0106 5836        Parport - ok

17:34:19.0140 5836        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

17:34:19.0172 5836        partmgr - ok

17:34:19.0205 5836        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys

17:34:19.0283 5836        Parvdm - ok

17:34:19.0317 5836        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

17:34:19.0357 5836        pci - ok

17:34:19.0389 5836        pciide          (304048c2565a803d091cca1ac945f593) C:\Windows\system32\drivers\pciide.sys

17:34:19.0416 5836        pciide - ok

17:34:19.0477 5836        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

17:34:19.0513 5836        pcmcia - ok

17:34:19.0591 5836        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

17:34:19.0890 5836        PEAUTH - ok

17:34:19.0988 5836        PhilCap         (f433b5aa6dbac3c8626eefaf134e4763) C:\Windows\system32\DRIVERS\PhilCap.sys

17:34:20.0101 5836        PhilCap - ok

17:34:20.0227 5836        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

17:34:20.0300 5836        PptpMiniport - ok

17:34:20.0343 5836        Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

17:34:20.0455 5836        Processor - ok

17:34:20.0510 5836        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

17:34:20.0550 5836        PSched - ok

17:34:20.0631 5836        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

17:34:20.0790 5836        ql2300 - ok

17:34:20.0817 5836        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

17:34:20.0848 5836        ql40xx - ok

17:34:20.0905 5836        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

17:34:20.0954 5836        QWAVEdrv - ok

17:34:21.0057 5836        R300            (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

17:34:21.0332 5836        R300 - ok

17:34:21.0412 5836        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

17:34:21.0483 5836        RasAcd - ok

17:34:21.0542 5836        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:34:21.0619 5836        Rasl2tp - ok

17:34:21.0659 5836        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

17:34:21.0722 5836        RasPppoe - ok

17:34:21.0764 5836        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

17:34:21.0815 5836        RasSstp - ok

17:34:21.0858 5836        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

17:34:21.0932 5836        rdbss - ok

17:34:21.0986 5836        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:34:22.0053 5836        RDPCDD - ok

17:34:22.0104 5836        rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

17:34:22.0218 5836        rdpdr - ok

17:34:22.0257 5836        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

17:34:22.0320 5836        RDPENCDD - ok

17:34:22.0376 5836        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

17:34:22.0455 5836        RDPWD - ok

17:34:22.0527 5836        RMCAST          (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys

17:34:22.0587 5836        RMCAST - ok

17:34:22.0648 5836        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

17:34:22.0714 5836        rspndr - ok

17:34:22.0756 5836        RTL8169         (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys

17:34:22.0842 5836        RTL8169 - ok

17:34:22.0884 5836        RTSTOR          (d6d7c67a6df41898d9cf11c734690254) C:\Windows\system32\drivers\RTSTOR.SYS

17:34:22.0923 5836        RTSTOR - ok

17:34:22.0968 5836        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

17:34:22.0998 5836        sbp2port - ok

17:34:23.0061 5836        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

17:34:23.0171 5836        secdrv - ok

17:34:23.0231 5836        Ser2pl          (cb3e852b818946f396e35a976ee6b552) C:\Windows\system32\DRIVERS\ser2pl.sys

17:34:23.0302 5836        Ser2pl - ok

17:34:23.0328 5836        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys

17:34:23.0450 5836        Serenum - ok

17:34:23.0474 5836        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys

17:34:23.0587 5836        Serial - ok

17:34:23.0629 5836        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

17:34:23.0686 5836        sermouse - ok

17:34:23.0729 5836        sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

17:34:23.0829 5836        sffdisk - ok

17:34:23.0859 5836        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

17:34:23.0959 5836        sffp_mmc - ok

17:34:23.0995 5836        sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

17:34:24.0092 5836        sffp_sd - ok

17:34:24.0115 5836        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

17:34:24.0213 5836        sfloppy - ok

17:34:24.0288 5836        Si3531          (4346d5bbdde7756d8614a3f193d60984) C:\Windows\system32\DRIVERS\Si3531.sys

17:34:24.0311 5836        Si3531 - ok

17:34:24.0338 5836        SiFilter        (e853c341bbf4ac0007a8db0858dbb09d) C:\Windows\system32\DRIVERS\SiWinAcc.sys

17:34:24.0359 5836        SiFilter - ok

17:34:24.0386 5836        SiRemFil        (d80e6f142eb4963e82a8537dd745f51b) C:\Windows\system32\DRIVERS\SiRemFil.sys

17:34:24.0407 5836        SiRemFil - ok

17:34:24.0431 5836        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

17:34:24.0458 5836        SiSRaid2 - ok

17:34:24.0488 5836        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

17:34:24.0518 5836        SiSRaid4 - ok

17:34:24.0573 5836        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

17:34:24.0639 5836        Smb - ok

17:34:24.0690 5836        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

17:34:24.0717 5836        spldr - ok

17:34:24.0802 5836        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

17:34:24.0868 5836        srv - ok

17:34:24.0937 5836        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

17:34:24.0992 5836        srv2 - ok

17:34:25.0084 5836        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

17:34:25.0142 5836        srvnet - ok

17:34:25.0207 5836        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

17:34:25.0230 5836        ssmdrv - ok

17:34:25.0318 5836        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

17:34:25.0343 5836        swenum - ok

17:34:25.0392 5836        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

17:34:25.0420 5836        Symc8xx - ok

17:34:25.0441 5836        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

17:34:25.0467 5836        Sym_hi - ok

17:34:25.0490 5836        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

17:34:25.0517 5836        Sym_u3 - ok

17:34:25.0567 5836        SynTP           (4c6de67ebb6c487f7690a373fcfde279) C:\Windows\system32\DRIVERS\SynTP.sys

17:34:25.0601 5836        SynTP - ok

17:34:25.0721 5836        Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

17:34:25.0813 5836        Tcpip - ok

17:34:25.0870 5836        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

17:34:25.0940 5836        Tcpip6 - ok

17:34:25.0982 5836        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

17:34:26.0046 5836        tcpipreg - ok

17:34:26.0101 5836        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

17:34:26.0176 5836        TDPIPE - ok

17:34:26.0221 5836        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

17:34:26.0293 5836        TDTCP - ok

17:34:26.0345 5836        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

17:34:26.0408 5836        tdx - ok

17:34:26.0445 5836        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

17:34:26.0476 5836        TermDD - ok

17:34:26.0565 5836        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:34:26.0635 5836        tssecsrv - ok

17:34:26.0785 5836        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

17:34:26.0805 5836        TuneUpUtilitiesDrv - ok

17:34:26.0874 5836        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

17:34:26.0920 5836        tunmp - ok

17:34:26.0968 5836        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

17:34:27.0013 5836        tunnel - ok

17:34:27.0060 5836        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys

17:34:27.0087 5836        uagp35 - ok

17:34:27.0131 5836        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

17:34:27.0184 5836        udfs - ok

17:34:27.0227 5836        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

17:34:27.0254 5836        uliagpkx - ok

17:34:27.0288 5836        uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

17:34:27.0321 5836        uliahci - ok

17:34:27.0348 5836        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

17:34:27.0378 5836        UlSata - ok

17:34:27.0410 5836        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

17:34:27.0442 5836        ulsata2 - ok

17:34:27.0497 5836        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

17:34:27.0551 5836        umbus - ok

17:34:27.0624 5836        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

17:34:27.0694 5836        usbccgp - ok

17:34:27.0735 5836        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

17:34:27.0854 5836        usbcir - ok

17:34:27.0909 5836        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

17:34:27.0964 5836        usbehci - ok

17:34:28.0013 5836        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

17:34:28.0079 5836        usbhub - ok

17:34:28.0121 5836        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

17:34:28.0230 5836        usbohci - ok

17:34:28.0275 5836        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

17:34:28.0343 5836        usbprint - ok

17:34:28.0422 5836        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

17:34:28.0465 5836        usbscan - ok

17:34:28.0507 5836        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:34:28.0546 5836        USBSTOR - ok

17:34:28.0602 5836        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

17:34:28.0655 5836        usbuhci - ok

17:34:28.0710 5836        usbvideo        (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

17:34:28.0830 5836        usbvideo - ok

17:34:28.0885 5836        vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

17:34:28.0989 5836        vga - ok

17:34:29.0046 5836        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

17:34:29.0122 5836        VgaSave - ok

17:34:29.0160 5836        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

17:34:29.0186 5836        viaagp - ok

17:34:29.0212 5836        ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

17:34:29.0315 5836        ViaC7 - ok

17:34:29.0348 5836        viaide          (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys

17:34:29.0374 5836        viaide - ok

17:34:29.0406 5836        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

17:34:29.0434 5836        volmgr - ok

17:34:29.0497 5836        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

17:34:29.0539 5836        volmgrx - ok

17:34:29.0578 5836        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

17:34:29.0618 5836        volsnap - ok

17:34:29.0672 5836        vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

17:34:29.0700 5836        vsmraid - ok

17:34:29.0740 5836        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

17:34:29.0840 5836        WacomPen - ok

17:34:29.0891 5836        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

17:34:29.0946 5836        Wanarp - ok

17:34:29.0953 5836        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

17:34:30.0006 5836        Wanarpv6 - ok

17:34:30.0070 5836        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

17:34:30.0094 5836        Wd - ok

17:34:30.0146 5836        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

17:34:30.0196 5836        Wdf01000 - ok

17:34:30.0304 5836        winusb          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys

17:34:30.0373 5836        winusb - ok

17:34:30.0425 5836        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:34:30.0483 5836        WmiAcpi - ok

17:34:30.0577 5836        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

17:34:30.0652 5836        WpdUsb - ok

17:34:30.0735 5836        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

17:34:30.0807 5836        ws2ifsl - ok

17:34:30.0873 5836        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:34:30.0948 5836        WUDFRd - ok

17:34:31.0016 5836        X10Hid          (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys

17:34:31.0037 5836        X10Hid - ok

17:34:31.0081 5836        XUIF            (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys

17:34:31.0097 5836        XUIF - ok

17:34:31.0126 5836        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

17:34:31.0256 5836        \Device\Harddisk0\DR0 - ok

17:34:31.0263 5836        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

17:34:31.0444 5836        \Device\Harddisk2\DR2 - ok

17:34:31.0449 5836        Boot (0x1200)   (5b325fa6da193ac1f8b5ac3e1edfa415) \Device\Harddisk0\DR0\Partition0

17:34:31.0450 5836        \Device\Harddisk0\DR0\Partition0 - ok

17:34:31.0458 5836        Boot (0x1200)   (f5bba773cc17d10c649b6715d81d63ad) \Device\Harddisk0\DR0\Partition1

17:34:31.0460 5836        \Device\Harddisk0\DR0\Partition1 - ok

17:34:31.0469 5836        Boot (0x1200)   (0b987d3983c4e08162e15b213dd4a995) \Device\Harddisk2\DR2\Partition0

17:34:31.0471 5836        \Device\Harddisk2\DR2\Partition0 - ok

17:34:31.0473 5836        ============================================================

17:34:31.0473 5836        Scan finished

17:34:31.0473 5836        ============================================================

17:34:31.0495 6080        Detected object count: 0

17:34:31.0495 6080        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix Logfile:

Code:

ComboFix 12-01-03.03 - Dennis 03.01.2012  11:36:20.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2038.359 [GMT 1:00]

ausgeführt von:: c:\users\Dennis\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\Downloaded Program Files\IDropPTB.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-03 bis 2012-01-03  ))))))))))))))))))))))))))))))

.

.

2012-01-03 10:49 . 2012-01-03 10:49        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-01-03 10:27 . 2012-01-03 10:27        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2C4E30D-A180-4368-9BD1-3AED2CD2B7D1}\offreg.dll

2012-01-03 10:27 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2C4E30D-A180-4368-9BD1-3AED2CD2B7D1}\mpengine.dll

2012-01-02 11:27 . 2012-01-02 11:27        --------        d-----w-        C:\_OTL

2011-12-30 15:39 . 2011-12-30 15:39        --------        d-----w-        c:\programdata\Malwarebytes

2011-12-30 15:39 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-28 19:17 . 2011-12-28 19:17        --------        d-----w-        c:\program files\ESET

2011-12-28 13:55 . 2011-12-28 13:55        --------        d-----w-        c:\users\Dennis\AppData\Roaming\Avira

2011-12-28 13:44 . 2011-12-28 17:47        66616        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-12-28 13:44 . 2011-12-28 17:47        138192        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-12-28 13:44 . 2011-12-28 13:44        --------        d-----w-        c:\program files\Avira

2011-12-16 15:18 . 2011-10-27 08:01        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2011-12-16 15:18 . 2011-10-27 08:01        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-12-16 15:18 . 2011-10-14 16:02        429056        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-16 15:18 . 2011-11-23 13:37        2043904        ----a-w-        c:\windows\system32\win32k.sys

2011-12-16 15:18 . 2011-11-08 12:10        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2011-12-16 15:18 . 2011-10-25 15:56        49152        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-16 15:18 . 2011-11-08 14:42        2048        ----a-w-        c:\windows\system32\tzres.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 17:29 . 2011-11-23 17:29        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2011-11-18 15:39 . 2011-09-30 18:02        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-15 13:29 . 2009-10-02 17:18        222080        ------w-        c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-25 39408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]

"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-09-04 2560000]

"Skytel"="Skytel.exe" [2007-08-03 1826816]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-01-08 20:17        52256        ----a-w-        c:\program files\Home Cinema\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 14:44        3883840        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 19:53        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-02-09 18:51        71216        ----a-w-        c:\program files\Home Cinema\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-12-25 21:37        39408        ----a-w-        c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]

2007-02-09 13:54        16896        ----a-w-        c:\program files\GoogleEULA\EULALauncher.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 133104]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 133104]

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]

S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-12-28 340136]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-28 136360]

S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-28 428200]

S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]

S2 MDESIGN License Manager;MDESIGN License Manager;d:\mdesign\MDESIGN\lmgrd.exe [2006-06-30 1339392]

S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 1681408]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-13 1021256]

S3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

WindowsMobile        REG_MULTI_SZ           wcescomm rapimgr

LocalServiceRestricted        REG_MULTI_SZ           WcesComm RapiMgr

HPService        REG_MULTI_SZ           HPSLPSVC

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 18:07]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 18:07]

.

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{2CA5B97C-2E80-401D-B6D3-12ED15CD9318}.job

- c:\windows\system32\msfeedssync.exe [2011-12-16 04:44]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 94.31.65.69

DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1218381716

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - 

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

.

------- Dateityp-Verknüpfung -------

.

.scr=AutoCADScriptFile

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-01-03 11:49

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

.

c:\windows\TEMP\TMP0000003AFA0921435EEDC3FE 524288 bytes

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 1

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2012-01-03  11:53:45

ComboFix-quarantined-files.txt  2012-01-03 10:53

.

Vor Suchlauf: 10 Verzeichnis(se), 34.193.080.320 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 34.797.125.632 Bytes frei

.

- - End Of File - - 6EC96E7D81450F41335B7E838A59A41B

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 21:51:06 on 03.01.2012
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\ddbaccpl.cpl

"ddbacctm.cpl" - "DataDesign AG" - C:\Windows\system32\ddbacctm.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl

"styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl

"trueprint.cpl" - "AuthenTec, Inc." - C:\Windows\system32\trueprint.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\Dennis\AppData\Local\Temp\catchme.sys  (File not found)

"File Security Driver" (IKFileSec) - "PCTools Research Pty Ltd." - C:\Windows\system32\drivers\ikfilesec.sys

"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys  (File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"System Filter Driver" (IKSysFlt) - "PCTools Research Pty Ltd." - C:\Windows\System32\drivers\iksysflt.sys

"System Security Driver" (IKSysSec) - "PCTools Research Pty Ltd." - C:\Windows\System32\drivers\iksyssec.sys

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? -   (File not found | COM-object registry key not found)

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll

{ADC46291-D8A1-4486-A24C-86FFB392AEFA} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM17.dll

{5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll

{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll

{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{27887764-0D0A-4C3C-B0C6-91A332FFF6A7} "DWFVShellExt Class" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\DWF Common\DWF_VShell.dll

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - ? -   (File not found | COM-object registry key not found)

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll  (File not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? -   (File not found | COM-object registry key not found)

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? -   (File not found | COM-object registry key not found)

{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? -   (File not found | COM-object registry key not found)

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll

{D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll

{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "TIShelEx Shell Extension" - ? -   (File not found | COM-object registry key not found)

{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll

{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

{ABE00001-0123-ABED-1248-0248ADFA1909} "Zoom Player ShellExt" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{555D4D79-4BD2-4094-A395-CFC534424A05} "{555D4D79-4BD2-4094-A395-CFC534424A05}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4  (HTTP value)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Program Files\DivX\DivX Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab

{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.ocx / hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1225031161

{BA162249-F2C5-4851-8ADC-FC58CB424243} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1218381716

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MineSweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\Windows\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldde-de.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}" - ? -   (File not found | COM-object registry key not found) / hxxp://game13.zylom.com/activex/zylomgamesplayer.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

"OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"EPSON V3 2KMonitor64" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_SL2064.DLL

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll

"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"AST Service" (astcc) - "Nalpeiron Ltd." - C:\Windows\system32\AstSrv.exe

"Autodesk Data Management Job Dispatch" (Autodesk Data Management Job Dispatch) - "Autodesk" - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe

"Autodesk Licensing Service" (Autodesk Licensing Service) - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe

"GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

"MDESIGN License Manager" (MDESIGN License Manager) - "Macrovision Corporation" - D:\MDESIGN\MDESIGN\lmgrd.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"PC Tools Auxiliary Service" (sdAuxService) - ? - C:\Program Files\Spyware Doctor\pctsAuxs.exe  (File not found)

"PC Tools Security Service" (sdCoreService) - ? - C:\Program Files\Spyware Doctor\pctsSvc.exe  (File not found)

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe

"Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe

"SQL Server (AUTODESKVAULT)" (MSSQL$AUTODESKVAULT) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]

Code:

aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software

Run date: 2012-01-03 21:55:25

-----------------------------

21:55:25.149    OS Version: Windows 6.0.6002 Service Pack 2

21:55:25.150    Number of processors: 2 586 0xF0D

21:55:25.156    ComputerName: DENNIS-PC  UserName: Dennis

21:55:26.023    Initialize success

21:56:06.313    AVAST engine defs: 12010300

21:56:38.379    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

21:56:38.383    Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3

21:56:38.395    Disk 0 MBR read successfully

21:56:38.400    Disk 0 MBR scan

21:56:38.410    Disk 0 Windows VISTA default MBR code

21:56:38.415    Disk 0 Partition - 00     0F Extended LBA             27093 MB offset 257088195

21:56:38.421    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       125531 MB offset 63

21:56:38.454    Disk 0 Partition 2 00     0B        FAT32 MSWIN4.1    27093 MB offset 257088258

21:56:38.469    Disk 0 scanning sectors +312576705

21:56:38.553    Disk 0 scanning C:\Windows\system32\drivers

21:56:56.969    Service scanning

21:56:58.762    Modules scanning

21:57:06.458    Disk 0 trace - called modules:

21:57:06.487    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

21:57:06.496    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864b5668]

21:57:06.505    3 CLASSPNP.SYS[887bc8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8560f030]

21:57:07.541    AVAST engine scan C:\Windows

21:57:19.437    AVAST engine scan C:\Windows\system32

22:01:55.536    AVAST engine scan C:\Windows\system32\drivers

22:02:13.560    AVAST engine scan C:\Users\Dennis

22:16:06.171    AVAST engine scan C:\ProgramData

22:19:48.846    Scan finished successfully

22:24:35.903    Disk 0 MBR has been saved successfully to "C:\Users\Dennis\Documents\MBR.dat"

22:24:35.919    The log file has been saved successfully to "C:\Users\Dennis\Documents\aswMBR.txt"